GlobaLeaks tetalab 26052k12

Post on 09-May-2015


description

GlobaLeaks 0.2 described in tetalab, tor2web project update, a complete description of the GL project, started years ago. Check reference at http://wiki.globaleaks.org

transcript

GlobaLeaks & tor2web * 26/05/2012 tetalab

Who am I?

● A Random GlobaLeaks Contributor

● We're a group, mostly Italian based (we hope for an international expansion and you're welcome ;)

– goal: become a community

● Every member of GlobaLeaks is: A Random GlobaLeaks ... ( Contributor | Developer | Spokesperson | Advocate )

● To get my attention, “vecna” is the real name and “Claudio Agosti” the nickname inside the matrix.

Agenda

● What is Whistleblowing?

● How is the existing whistleblowing ecosystem made.

● What is GlobaLeaks?

● What's Tor and Tor2web (short intro)

● How does GlobaLeaks work?

● Who will use GlobaLeaks?

WhistleBlowing

The act of speaking up in the public interest

It's related to Transparency and Public Disclosure

Whistleblowing is not just leaking.

1969, 1971, 2002

Responsible for releasing the Pentagon Papers detailing the US involvement in the Vietnam war in 1969

Testified against police corruption in 1971 - He liked to call “individuals who seek truth and justice even in the face of great personal risk” lamp lighters

Worked at Enron, WorldCom and the FBI and exposed how the US government had underestimated the risk of the 9/11 attacks.

We need more WBs!

And we need them to stay whistleblowers ...

Would Mark Felt have managed to remain Anonymous for 30 years in the monitored world of today?

– Maybe not.

Why can WB help us?

Against “White-collar crimes”

Against the fear of repercussion

Against every malpractice that continues because those who know believe: “What can I do? Nothing, nothing will change.”

Active citizenship

“... which of two common types of character, for the general good of humanity, it is most desirable should predominate — the active, or the passive type; that which struggles against evils, or that which endures them; that which bends to circumstances, or that which endeavours to make circumstances bend to itself.” John Stuart Mill, "Representative Government" (1869)

Existing WB platform

WB is a cultural concept, not just technological

– But available technology really sucks ...!

Anonymity is not technologically supported

Closed source

– Security not verified by third parties

– Improvements are limited to the vendors' will

Whistleblowing environment

Does an index exist?

https://leakdirectory.org

Most comprehensive resource on WB

Community driven

The perfect WB flow

I'm a person aware of something important, and I want to share it with somebody competent without compromising my identity (I'm a WB)

I find the pertinent WB initiative (GlobaLeaks node)

I upload the data in a safe place provided by the initiative (tip)

Everyone subscribed in the node receives my tip (receivers)

I've a safe way to come back to the submission page, otherwise accessible only to the receiver (a receipt)

They can comment and verify my data, I can comment back and integrate with new data, if required.

GL keywords – simple list

WB – his protection in the first place

Node – They don't require technical knowledge, we want to provide it

Tip – safe (pseudo?) anonymous area with limited time to live

Receiver – trustworthy persons

Actor in GlobaLeaks: WB

WB does not require technical knowledge. Can interact with the node anonymously, simply with a browser

● We're working on the new release, supporting mobile app

Actor in GlobaLeaks: Receiver

She/He is the person responsible for analyzing the material

Experts in the context (corruption in Toulouse, animal right watch, ...)

Diversified actors help in analysis

Share the same data with the others R.

– Can leak the data – and would be bad

Actor in GlobaLeaks: Admin

Node administrator is the role of the person, or the group, that maintains the initiative

Understand “context” to be handled

● Describe the context, publicize the initiative. Targets of communication are the WB.

● Select the receivers, suggest a guideline and some kind of “gentleman agreement”.

● Define security and technical settings of the node.

– Settings likely to be indexed!

GlobaLeaks flow

[Diagram: GlobaLeaks flow. Labels: WhistleBlower (mobile client app, initiative website, GL node); Anonymous submission; The data is submitted; For every R a “Tip” is generated; Notification; Receivers (verify data, publish data or results, ask the WB for other data); Process; Receipt; WhistleBlower, using the receipt before the Tip expires: update data, answer comment; Coordinate release]

If you know something, you can do something about it

“Tip” in GlobaLeaks

Seems a simple web link

● Unique for every receiver

● Performs authentication itself: having this link gives access to the “not yet released document”

● Expires on trigger (time based or amount of download)
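A sketch of the three Tip properties listed above (one link per receiver, possession of the link is the authentication, expiry by time or by download count). This is an added example, not GlobaLeaks code; `TipStore`, `create_tips` and `download` are hypothetical names, and storing only a hash of the token is an assumption of this sketch.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class Tip:
    submission_id: str
    receiver: str
    expires_at: float        # time-based expiry trigger
    downloads_left: int      # download-count expiry trigger


class TipStore:
    """Hypothetical store of capability links: holding the token is the login."""

    def __init__(self):
        self._tips = {}  # sha256(token) -> Tip; the raw token is never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create_tips(self, submission_id, receivers, ttl_seconds, max_downloads, now=None):
        """Generate one independent, unguessable link token per receiver."""
        now = time.time() if now is None else now
        links = {}
        for receiver in receivers:
            token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
            self._tips[self._key(token)] = Tip(
                submission_id, receiver, now + ttl_seconds, max_downloads)
            links[receiver] = token
        return links

    def download(self, token, now=None):
        """Return the Tip if the link is still valid, else None."""
        now = time.time() if now is None else now
        key = self._key(token)
        tip = self._tips.get(key)
        if tip is None:
            return None      # unknown or already expired link
        if now >= tip.expires_at or tip.downloads_left <= 0:
            del self._tips[key]  # expired: forget the link entirely
            return None
        tip.downloads_left -= 1
        return tip
```

Because each receiver gets a separate token, a leaked or abused link can be traced to one receiver and revoked without touching the others.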

GlobaLeaks project goals

GlobaLeaks is Free Software

● And we have no power or visibility in an external running instance.

● We do not run WB initiative! This allows us, as programmers, minimal responsibility.

● Anybody can create a node independently from our moral judgment

GlobaLeaks is flexible, aim to fit in every needs (field most interested: media, civic engagement, corporate / PA transparency)

GlobaLeaks code status

0.1 release, completed and usable.

● Very poor feature set! (try the virtual image!)

0.2 release, recently started

● Client-Server separation (GLClient GLBackend)

● APAF development (Google summer of code)

● Tor2Web 3.0

Tor, intro for people living on the moon ;)

Free software sponsored by EFF, 10 yrs

https://www.torproject.org

Technological anonymity is the only way to permit freedom of expression of minorities and people under regime

Tor, intro for people living on the moon

How does it work?

Tor, intro for people living on the moon

Every service requires some kind of registration

● A domain?

● A public IP address?

● A login / password / email?

Hidden service does not!

Tor, intro for people living on the moon

Reaching a hidden service requires being part of the Tor network (until 2011 ;)

Tor2Web – hidden service reachable

Tor2Web is a web proxy that permits reaching a Tor-only address like:

cneiofu2buitbvguiwe.onion

simply from your browser, using:

https://cneiofu2buitbvguiwe.tor2web.org

Tor2Web – SSL

Tor2web uses a wildcard SSL certificate, and this certificate needs to be shared among the network

This security issue can be solved by servers federation

– In short: a group serving tor2web from tor2web.org cert, another serving from yadda.net cert, balancing the traffic load.

Tor2Web – Issues

Users need to understand that the content served is not the property of the server

● Therefore need to accept a disclaimer

● And hotlinking would not be permitted
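The hostname mapping from the "hidden service reachable" slide and the two rules above (disclaimer first, no hotlinking), as one request-gating sketch. This is an added example, not tor2web code: the function names, the cookie name and the use of the Referer header to detect hotlinking are assumptions. The slide's sample label has 18 characters, so the 16-character check used for onion addresses of that period rejects it; the test values are constructed.

```python
import re
from urllib.parse import urlsplit

PROXY_SUFFIX = ".tor2web.org"                 # proxy domain used on the slide
ONION_LABEL = re.compile(r"[a-z2-7]{16}")     # 16 base32 characters
DISCLAIMER_COOKIE = "disclaimer_accepted=1"   # assumed cookie name


def _bare_host(host):
    """Lower-case a Host header value and drop port and trailing dot."""
    return host.lower().split(":")[0].rstrip(".")


def onion_for_host(host):
    """Map 'xyz.tor2web.org' to 'xyz.onion'; None if not a valid proxy name."""
    host = _bare_host(host)
    if not host.endswith(PROXY_SUFFIX):
        return None
    label = host[: -len(PROXY_SUFFIX)]
    if not ONION_LABEL.fullmatch(label):   # rejects nested subdomains too
        return None
    return label + ".onion"


def decide(headers):
    """Return (action, onion) for a request described by its headers dict."""
    host = headers.get("Host", "")
    onion = onion_for_host(host)
    if onion is None:
        return ("reject", None)
    referer = headers.get("Referer")
    if referer:
        ref_host = (urlsplit(referer).hostname or "").lower()
        if ref_host != _bare_host(host):
            return ("block_hotlink", onion)    # embedded from another site
    cookies = [c.strip() for c in headers.get("Cookie", "").split(";")]
    if DISCLAIMER_COOKIE not in cookies:
        return ("show_disclaimer", onion)      # user has not accepted yet
    return ("proxy", onion)
```

Referer is client-supplied and often absent, so this check only stops casual embedding; the disclaimer step still applies to requests that arrive without it.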

Tor2Web – Issues

Caching

Comfort loader

We need more nodes!

● Do you have unused IP space?

● Do you want to help support t2w network?

● Currently there are only 2 t2w nodes!

Tor – T2W section concluded

Tor2web permits hidden services to be reached by a default browser – this is extremely required by GL

Tor starting, management and configuration can be done in a flexible library, and is covered by APAF

WB adopters: Media

Journalists are very excited to receive not yet disclosed information

Two previous tests had shown limits

Transparency hacktivism

NGO and informal activism organisations

They will promote the GL node

They will only promote the GL node and others will analyze the data

Advocacy on the importance of Transparency and accountability

● Or Corruption spotting

Corporate transparency

Important tool to be integrated within the corporate organizational model

Typically managed by internal audit

Accountability mandated by the law

● Sarbanes-Oxley Act (USA)

● Dlgs 231 (Italy)

Public Agencies

Internal and external public WB services

USA IRS, US SEC, EU Antitrust

Involve citizens into spotting tax evasion, market manipulation, corruption, malpractice in health and environment

Technical goals

0.2 release has the goal to be Modularized

We need flexibility to cover all the various ideas that come out

● notification method using social network service

● Or distributed storage Tahoe-LAFS

● Enable end to end encryption

● Permit phone app generation for node maintainer

● Be able to run on a portable device ;)

– https://github.com/globaleaks/GlobaLeaks/issues

Technical elements

0.2 GLBackend using ORM SQLAlchemy and Twisted network handler (python)

APAF uses Twisted, imports GPG and Tor, and exports a high-level abstraction able to provide platform independent anonymity and cryptography operations (python)

GLClient uses the RESTful interface developed in Backend (javascript, others)

Developer welcome: irc.oftc.net #globaleaks

FAQ

If the CIA / FBI / Spectre / AlQuaeda / Scientology start to run a rogue node?

What if a receiver publishes something not yet verified?

Anonymous submission can be abused in information pollution?

How can a WB find the right node?

Thanks!

tor2web wiki: http://wiki.tor2web.org/index.php/Main_Page

tor2web 3.0: https://github.com/globaleaks/tor2web-3.0

GlobaLeaks: https://github.com/globaleaks/GlobaLeaks

Very old launch website: http://www.globaleaks.org

Project status update: http://wiki.globaleaks.org

Discussion mailing list: people@globaleaks.org

REMEMBER: ONLY ONE “L” IN THE MIDDLE OF GLOBALEAKS ;)